Hackers: Companies, protect your mobile apps

Today our phones are our most valuable possession and therefore also our most vulnerable. They make our life easier in more ways than one. Not only are they our link to friends, family and work colleagues but they hold our memories, let us shop, monitor our health, pay our bills and entertain us.

With this level of involvement in our lives, our mobile device and the data it holds can all too easily become a weapon used against us by hackers and fraudsters.

Hacker damage

Barely a month goes by without news of big corporations being hacked with serious damage. A global business outlook survey conducted by Grenoble Ecole de Management, Tilburg University and the Fuqua School of Business, Duke University, revealed that 96% of UK corporations have experienced an attack where hackers have successfully penetrated their IT systems. Therefore companies and brands are starting to take mobile security seriously and security and privacy is hitting the top of boardroom agendas.

The biggest threat to security is usually customer or employee clumsiness, such as losing a mobile phone or laptop, clicking on a phishing email or connecting through an unsecure Wi-Fi network. For this reason we’re seeing a growing demand for improved physical security, encryption and enhanced authentication, particularly in biometric form.

Biometric authentication is nothing new; the launch of iPhone 6 introduced fingerprint authentication to mainstream consumers but the sheer number of companies now offering gadgets and gizmos that enable this technology highlights the growing demand from businesses as well as consumers.

Mobile World Congress earlier this year was a hive of start ups introducing biometric security solutions. One of these was DDS, a Japanese company that distributes a portable key ring with fingerprint reader and Bluetooth connectivity (ideal for those devices that lack fingerprint reader).

While it is a helpful security layer, the main problem with fingerprint recognition is that a lot of devices simply do not ship an integrated reader. Using a separate device just for authentication is probably a big hassle for most users and simplicity is key. To tackle this, we’re seeing many companies taking an approach based on a device all smartphones carry; the camera.

Windows to the soul

Facial recognition using 3D techniques (to avoid someone using your Facebook profile picture to gain access to your phone) is used by start ups such as Saffe, OneVisage and FaceOn. They provide an software development kit that can be embedded into your app to enable face recognition as a replacement for a traditional login within applications, where this method is more suitable.

They say our eyes are the windows to our soul but recently they are the key to our data. Eye recognition is a method of identification that is on the rise. EyeVerify specialises in eye recognition and was at Mobile World Congress this year. With retinal scanners potentially being too invasive for normal users, EyeVerify is based on the external eye patterns (eyebrows, iris, eyelids, etc,) that are unique among different people, and identifies these simply with your smartphone camera.

As an industry, the banking sector has adopted biometric authentication early. Consumers are demanding a more simplified, ‘always on’ banking experience, which is bringing a wave of digital transformation to the banking sector.

Globally, 84% of banks are increasing investment in innovation as compared to 2009, when only 13% of banks increased investment [Innovation in Retail Banking 2014, Infosys and Efma]. This includes big investments in user research content, UX/UI, pilots, front end development and middleware development to support unique mobile features, but the majority goes to security and compliance. There is no evidence so far of a higher proportion of security breaches on mobile (versus the desktop,) or attacks for that matter yet, but it’s a great concern on users’ side.

Differentiated service

We’re seeing banks striving to offer a differentiated service by implementing additional layers of security for customers. It makes sense that our financial details will be a top priority in terms of security.

Lloyds Banking Group recently piloted heartbeat recognition technology for its mobile banking customers. The heartbeat is a vital signal of the body and as such, naturally provides strong protection against intrusions and falsification. Customers can unlock their online account through a wearable that authenticates the wearer by identifying the unique electrical signals emitted by his or her heart, known as an electrocardiogram, when it is first placed on the wrist.

The customer wears the band on one wrist and touches the top sensor with their mobile phone. Another set of sensors detects whether the person is still wearing the band, and shuts the device down if their heartbeat is not recognised.

Ultimately as technologies evolve we will likely see new types of threats on our devices but we will also innovate new ways of addressing these threats. For me this is exciting and I’ll be interested in seeing the ways which we can tackle these security and privacy issues with customers to enable them to stay competitive and meet their customer needs.

DMI is an end to end mobility company that combines all the skills and services necessary to deliver mobile enterprise solutions.

About Smart Chimps

Smart Chimps is the creation of freelance editor, writer and media trainer, Heather McLean. Heather has been involved in telecoms journalism since 2001, specialising in mobile since 2002. Find out more